How do I create access control rules from code for an azure cloud service?
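I have a network access control list in my cloud service similar to the one below. How do I configure it programmatically instead of from the configuration file?
Some of these IP addresses can change. I want to resolve the IP address from a domain name and add it to the configuration: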
    <NetworkConfiguration>
      <AccessControls>
        <AccessControl name="security">
          <Rule action="permit" description="Allow access from A" order="100" remoteSubnet="xxx.xxx.xxx.xxx/32" />
          <Rule action="permit" description="Allow access from B" order="200" remoteSubnet="xxx.xxx.xxx.xxx/32" />
          <Rule action="permit" description="Allow access from C" order="300" remoteSubnet="xxx.xxx.xxx.xxx/32" />
          <Rule action="deny" description="Deny access to everyone else" order="400" remoteSubnet="0.0.0.0/0" />
        </AccessControl>
      </AccessControls>
    </NetworkConfiguration>
You can create a separate role or an Azure Function that generates the new configuration and updates the service via REST: https://msdn.microsoft.com/en-us/library/azure/ee460812.aspx
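OK. I ended up writing a console application that is called during the build; it gets the IP address of the remote cloud service and checks whether it corresponds to what is in the config file.
If not, I update it. Pretty straightforward.
Here is the build command: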
$(SolutionDir)<MyProjectName>$(OutDir)$(ConfigurationName)\MyExeName Update-FrontEnd-IPAddress-For-Azure-MicroService "$(SolutionDir)<AzureDeploymentProjectName>\ServiceConfiguration.Cloud.cscfg"
The console application does:
    using System;
    using Microsoft.WindowsAzure.ServiceRuntime;
    private static void HandleCheckRoleEnvironment(string[] args)
    {
        // Guard against an empty argument list before reading args[0].
        if (args.Length > 0 && args[0] == "Check-Role-Environment")
        {
            Console.WriteLine("Found Command: Check-Role-Environment");
            // Exit code 0 only when running in a real (non-emulated) Azure role.
            if (RoleEnvironment.IsAvailable && !RoleEnvironment.IsEmulated)
            {
                Console.WriteLine("Running in Azure Cloud Environment");
                Environment.Exit(0);
            }
            else
            {
                Console.WriteLine("NOT Running in Azure Cloud Environment");
                Environment.Exit(1);
            }
        }
    }
Here is the code that updates the config file:
    using System;
    using System.IO;
    using System.Linq;
    using System.Net;
    using System.Net.Sockets;
    using System.Xml;
    private static void ExecuteUpdateFrontEndIPAddressForAzureMicroService(string configFilePath)
    {
        if (!File.Exists(configFilePath))
        {
            return;
        }
        // A /32 subnet only makes sense for IPv4, so take the first IPv4 address DNS returns.
        var ipAddress = Dns.GetHostAddresses("MyDomainName")
            .First(a => a.AddressFamily == AddressFamily.InterNetwork);
        Console.WriteLine($"The IP address for MyDomainName is {ipAddress}");
        var correctValue = $"{ipAddress}/32";
        var document = new XmlDocument();
        document.Load(configFilePath);
        // Rule nodes, matched by local name so the .cscfg default namespace does not matter.
        var rules = document.SelectNodes("//*[local-name()='AccessControl']/*[local-name()='Rule']");
        var rule = (from XmlNode p in rules
                    where p.Attributes["description"]?.Value == "Allow access from MyDomainName"
                    select p).FirstOrDefault();
        // FirstOrDefault returns null when no rule carries the expected description.
        if (rule == null)
        {
            Console.WriteLine("No matching rule was found in the config file.");
            return;
        }
        var ipAddressValue = rule.Attributes["remoteSubnet"].Value;
        Console.WriteLine($"The IP address in the config file is {ipAddressValue}");
        if (correctValue != ipAddressValue)
        {
            rule.Attributes["remoteSubnet"].Value = correctValue;
            document.Save(configFilePath);
            Console.WriteLine("The config file has been updated with the correct IP address.");
        }
        else
        {
            Console.WriteLine("The config file is up to date and will not be updated.");
        }
    }
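
Because the build step above turns a DNS answer into a permit rule, a pre-save check is useful: accept only public IPv4 addresses and confirm the rule set still ends in the deny-all rule. The following is an added example, not the answerer's code; `AclGuard`, `IsPublicIPv4` and `Validate` are hypothetical names and the sample addresses are constructed.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Xml.Linq;

static class AclGuard // hypothetical helper, not part of the answer's tool
{
    // Rejects unspecified, loopback, RFC 1918, link-local and multicast/reserved addresses.
    public static bool IsPublicIPv4(IPAddress ip)
    {
        if (ip.AddressFamily != AddressFamily.InterNetwork) return false;
        var b = ip.GetAddressBytes();
        return !(b[0] == 0 || b[0] == 10 || b[0] == 127 || b[0] >= 224
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168) || (b[0] == 169 && b[1] == 254));
    }

    // Returns null when the rule set is safe to deploy, otherwise the reason it is not.
    // A missing or non-numeric order attribute throws, which also fails the build step.
    public static string Validate(XElement accessControl)
    {
        var rules = accessControl.Elements().Where(e => e.Name.LocalName == "Rule")
            .OrderBy(e => (int)e.Attribute("order")).ToList();
        if (rules.Count == 0) return "no rules";
        if (rules.Select(r => (int)r.Attribute("order")).Distinct().Count() != rules.Count)
            return "duplicate order values";
        foreach (var r in rules)
        {
            var cidr = ((string)r.Attribute("remoteSubnet") ?? "").Split('/');
            if (cidr.Length != 2 || !IPAddress.TryParse(cidr[0], out var ip)
                || ip.AddressFamily != AddressFamily.InterNetwork
                || !int.TryParse(cidr[1], out var prefix) || prefix < 0 || prefix > 32)
                return "unparsable remoteSubnet at order " + (string)r.Attribute("order");
            if ((string)r.Attribute("action") == "permit" && prefix == 0)
                return "permit rule covers every address";
        }
        var last = rules.Last(); // highest order value is evaluated last
        return (string)last.Attribute("action") == "deny"
            && (string)last.Attribute("remoteSubnet") == "0.0.0.0/0" ? null : "last rule is not deny 0.0.0.0/0";
    }

    static void Main()
    {
        // Constructed sample; 203.0.113.0/24 is a documentation range.
        var acl = XElement.Parse(@"<AccessControl name='security'>
  <Rule action='permit' description='Allow access from A' order='100' remoteSubnet='203.0.113.10/32' />
  <Rule action='deny' description='Deny access to everyone else' order='400' remoteSubnet='0.0.0.0/0' /></AccessControl>");
        Console.WriteLine(Validate(acl) ?? "ACL ok");
        Console.WriteLine(IsPublicIPv4(IPAddress.Parse("10.0.0.5"))); // constructed DNS answer
    }
}
```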